Hey Sean,
No, it’s just not possible in the HTTPS protocol, regardless of how you set it up–again this is not a limitation of Virtualmin or Apache, it is a fact built into the protocol. It’s not a question of how to configure it–it is a question of whether the protocol supports name-based virtual hosting…and it doesn’t.
But maybe you just want one SSL site, and all of your domains can use it via an alias? Something like:
https://www.yourdomain.tld/secure/customerdomain/
Which points to the users public_html (or some other directory–doesn’t have to be a special directory and it’s usually easiest just to share the one content dir, as it will make setting up shopping carts and such easier, but I’ve seen hosts set it up in a special directory called https_docs, or similar).
If this is what you’re after, you don’t need to enable SSL for any of your shared domains…you’d just create one SSL site on the “yourdomain.tld” and then set up a regex alias that handles the redirection into the users public_html.
Something like this added to the VirtualHost section of the SSL site:
AliasMatch ^/secure/([[^/]]+)(/(.*))? /home/$1/public_html/$3
Will make it work for all other accounts…though sub-servers won’t work this way. I’m not sure if there’s a good way to catch all sub-servers without adding them individually (because they live in /home/domainname/domsins/sub-servername).
I believe this comes up enough that we probably ought to handle it automatically. If Virtualmin set it up, it’d be possible to handle the sub-domain case, as well.
Actually, now that I think about it, this is a really bad idea. SuExec is going to either break all scripts or render them insecure with this type of setup…unless all of your users that have such domains are trusted, I don’t recommend it.
Hmmm…Maybe we can proxy…That might break the actual SSL, though. No longer end-to-end…but maybe the proxy can act as the end point. Argh. Complicated. I’ll have to try it. Will ping this thread in a few minutes when I know for sure whether we can solve this with proxying while maintaining the security of SuExec.